August 10, 2011 at 4:36 pm
Hi Everyone,
I have come across a very weird situation which I'm unable to figure out. We have a situation where users are able to access a folder in the Report Manager (http://ReportServer/Reports) for which they don't have access and are able to add or delete groups and users in the security tab, which gives them access to view the reports, which they are not supposed to do.
I would appreciate it if someone could assist me with why everyone is able to do that.
Thanks!
August 10, 2011 at 4:39 pm
Do they have access via AD groups maybe?
August 11, 2011 at 12:16 pm
Hi,
First of all, I would like to thank you for the prompt response. I don't think that they have access through AD because the people who are able to update the security are not in the AD group that has access.
My question here would be how are these people able to view the folders and reports within that when they are not in the role that has access to these folders?
Thanks again
August 11, 2011 at 12:19 pm
I had no idea beyond maybe they are in an admin group. I'm really no expert in security. I just have 2 groups here. CEO group and normal users.
The only difference is 2 folders for the CEO and that's it.
I've never studied much beyond those needs.
I'll step aside unless I have other ideas or you have more hints.
Good luck with this.
August 12, 2011 at 9:01 am
Here is something I've noticed.
The Security at the Home tab has the below groups:
1. BUILTIN\Administrators with role: Content Manager
2. <ReportServer>\DPMDBAdministrators$<ReportServerName> with role: DPMAdminsRole
Do you think any of these is giving access?
August 12, 2011 at 9:06 am
Here's how I would debug this.
Take another server, make a clean install. And then compare what's different security wise. I'm sure it's just a simple tweak or two.
Can't think of anything else useful at the moment.
August 15, 2011 at 11:12 am
The two groups you mentioned could have an impact. Can you go into the local users and groups console and verify what users have been added to the local admins (BUILTIN\Administrators) and the <ReportServer>\DPMDBAdministrators$CHI01DPM groups? You may find out that authenticated users or another group has been added to one of these groups, which is allowing the unauthorized access. A clean install should show that only the BUILTIN\Administrators group is given administrative permissions initially.
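The membership check suggested in the reply above can also be scripted. This is an added example, not part of the original thread: it lists the members of the two local groups and flags broad principals such as Authenticated Users. It assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`); the DPM group name is a placeholder, and `Test-BroadPrincipal` and the list of "broad" SIDs are choices made for this example.

```powershell
# Added example: audit the local groups that hold role assignments on the SSRS Home folder.
# The second group name is a placeholder; replace <ReportServerName> with the real suffix.
param(
    [string[]]$Groups = @('Administrators', 'DPMDBAdministrators$<ReportServerName>')
)

# Well-known SIDs of principals that cover most or all accounts (list chosen for this example).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'Interactive'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Hypothetical helper: returns a label if the SID is a broad principal, otherwise $null.
function Test-BroadPrincipal {
    param([string]$Sid)
    if ($broadSids.ContainsKey($Sid)) { return $broadSids[$Sid] }
    # Domain Users is the domain SID followed by RID 513.
    if ($Sid -match '^S-1-5-21-(\d+-){3}513$') { return 'Domain Users (RID 513)' }
    return $null
}

$report = foreach ($group in $Groups) {
    try {
        $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
    } catch {
        Write-Warning "Could not read group '$group': $($_.Exception.Message)"
        continue
    }
    foreach ($m in $members) {
        $reason = Test-BroadPrincipal -Sid $m.SID.Value
        [pscustomobject]@{
            Group       = $group
            Member      = $m.Name
            ObjectClass = $m.ObjectClass      # User or Group
            Source      = $m.PrincipalSource  # Local or ActiveDirectory
            Broad       = [bool]$reason
            Reason      = $reason
        }
    }
}

$report | Sort-Object Group, Member | Format-Table -AutoSize
$report | Where-Object Broad | ForEach-Object {
    Write-Warning "$($_.Group) contains $($_.Member): $($_.Reason)"
}
```

Domain groups that appear as members are listed but not expanded, so any AD group in the output still needs its own membership reviewed.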
August 23, 2011 at 10:24 am
Just check DPMAdminsRole in "Site Settings -> Item-Level Roles".
DPMAdminsRole has Manage folder permission given.
Regards
Durai Nagarajan